Elastic Security
Wat is Elastic Security?
Unify SIEM, endpoint security, and cloud security
Elastic Security modernizes security operations — enabling analytics across years of data, automating key processes, and bringing native endpoint security to every host.
Elastic Security equips teams to prevent, detect, and respond to threats at cloud speed and scale — securing business operations with a unified, open platform.
Wie gebruikt Elastic Security?
Elastic is built for relevance at scale, easily able to support small businesses, the largest multinationals, and everything in between.
Twijfels over Elastic Security?
Vergelijk met een populair alternatief
Elastic Security
Andere goede alternatieven voor Elastic Security
Reviews over Elastic Security
Animesh
Best for Cloud and ELK Module Security
Opmerkingen: I have integrated this product with my ELK Module and the best thing is that it is a known product for IT Monitoring and anomaly detection. It is a very simple and easy to use and areliable method for gathering authentication data from service providers.
Pluspunten:
Its adaptability and scalability are quite valuable. We may create a variety of scenarios and obtain logs from different sources. We can change it in multiple ways with the help of Logstash. This makes Elastic's logging search a breeze. It is also faster than any other products available in the market like IBM QRadar.
Minpunten:
The Integration module has room for improvement. Building integration with any product is a difficult task. Unlike other commercial systems that employ profile integration, this one does not. On the SIEM side, there is also room for improvement for a better user experience.
Jim
Overwogen alternatieven:
Scale, Features, Functionality.
Opmerkingen: Excellent. The ELK stack is the foundation of our audit process, and it's held up really well. The installation can be automated, and archiving in the AWS environment works quite well. We have not yet had a problem in scaling resources to match our resource needs. The integrations with logstash, beats and kibana have been excellent, and used to great effect.
Pluspunten:
Scale: You can run this from a single server or even co-installed on a database or file server. I wouldn't recommend it, but let's just say it will run in a small box. On the top side, Elasticsearch will run in clusters managing multiple Terabytes of data. Features: Excellent flexibility to absorb multiple types of data sources, and great integration with Logstash and Kibana.
Minpunten:
The upgrades in terms of archived data. This platform changes significantly on an annual basis. If you do a ton of customization, automation, or work with a lot of data, this can be an issue as you will need to update ALL of your data for every upgrade.
RJ
A free alternative to paid juggernaughts
Opmerkingen: I used this software to easily and quickly search SIEM logs.
Pluspunten:
The most appealing aspect of Elasticsearch is the price. It can perform well with a lot of tuning and can be tailored to your needs.
Minpunten:
Ultimately, Elasticsearch needs a lot of tuning to perform well and a lot of care and feeding to be reliable. The money saved on running Elasticsearch is easily spent two and three fold on specialized labor to keep it running.
Geverifieerde reviewer
Best way to process application log data
Opmerkingen: We had lots of network-related log files with millions of records to be processed and identify errors, user activity, and many other pieces of information. If we didn't have Elasticsearch its a nightmare to process those. With the help of Elasticsearch, we were able to process those and even visualize them with nice graphs and charts. ultimately we were able to build an automated alerting system when there is an error or unusual user activity in the network system.
Pluspunten:
It's really easy to set up and there are not many configurations need to get started with. It comes with other supporting tools such as Filebeats to collect the logs from the files, Logstash to ship data to Elasticsearch, and Kibana to visualize the data. It processes millions of data within seconds. Elasticsearch can be clustered with multiple nodes and it guarantees higher data availability. Elasticsearch has lots of proper documentation and community support. It's easy to integrate with programming languages such as Java
Minpunten:
Elasticsearch doesn't provide backward version compatibility. We have to use the same version of Elasticsearch, Logstash, and Kibana. Data is getting saved as files inside Elasticsearch and those can get deleted. There is no easy way to edit the data.
Matthew
Superb search, logging, and analytics platform
Opmerkingen: Searching a database of parameterized data to provide results to buyers. Ingesting millions of product updates on a daily basis from dozens of distributors. Logging and analyzing user activity for business metrics, system performance, and security. Elasticsearch has been a vital tool for all these use cases.
Pluspunten:
Search functionality is our basic need, and Elasticsearch nails it - scalable, fast, efficient. It is also good at logging, aggregation, and analytics when used in combination with the rest of the Elastic stack.
Minpunten:
It's complex and can be a challenge to dial in performance unless you have a really vanilla use case. Docs are light on details and examples, so there is a fair amount of trial and error.
